• Among firms that have been attacked before, almost half (43 percent) paid the ransom
• 84 percent of  information technology (IT) executives at firms that had not faced ransom attacks said they would never pay a ransom
• 23 percent of firms indicated they were prepared to pay a ransom
• Companies that paid ransoms reported an average of $7,500
• 59 percent of respondents said they either had hired ex-hackers to help with security or were willing to do so
• It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible
• Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.

There are other costs involved with cyberattacks, including significant reputational and operational costs on victims. When polled about the top risks they faced from cyberattacks, 34 percent of respondents named brand reputation, followed by operational loss (31 percent), revenue loss (30 percent), productivity loss (24 percent), and share price value (18 percent) were also included in the top concerns.